McAfee announced a network security framework designed to provide
network administrators with intrusion prevention systems that provide
context, content and application awareness.
The new network security framework integrates intrusion
prevention systems with advanced features such as application
visibility and integrated threat context, McAfee said Oct. 11. The
framework is based on Network Security Platform 7 for network intrusion
prevention system and is focused on helping enterprises prevent
increasingly sophisticated attacks on their networks, according to the
company.

The McAfee framework also includes application awareness and
control, predictive threat intelligence, context-aware security and
content analysis. Network Security Platform integrates with other
McAfee products and third-party technologies, according to Tyler
Carter, senior group manager at McAfee. The combined tools give
administrators complete visibility over what is happening on the
network, McAfee said.

"Each of the technologies in the framework integrates with
Network Security Platform to provide a single solution to address
next-generation intrusion prevention needs," Carter told eWEEK.
Network Security Platform provides the core-IPS capabilities in the
framework, including advanced intrusion prevention system, application
visibility and control, up-to-date threat information from McAfee
Global Threat Intelligence, heuristics to detect botnet behavior and
traffic, and threat correlation, according to Carter. Protocol-based
inspection tools protect users from advanced malware, exploits
targeting zero-day vulnerabilities, distributed denial-of-service
attacks, and botnets. The platform can also be extended to included
advanced network and data forensics as well as data leak prevention
capabilities.
Application visibility and control includes Layer 7 visibility
over 1,100 applications and an enhanced rules engine that can correlate
application activity with network attacks. The framework provides
insight into system and user behavior as well as network activity in
both the physical and virtual environment. Vulnerability scans also
proactively uncover problems before they are exploited.

Data collected and analyzed by McAfee Labs for the McAfee
Global Threat Intelligence cloud service provide detailed threats
information. The data provides administrators the ability to make
security decisions based on the identity and reputation of hundreds of
billions of file, IP addresses, URLs, protocols and geo-locations data,
McAfee said.
The centralized security and risk management tools for
compliance reporting and defining corporate policies integrate with the
platform, according to McAfee. "Network Security Platform integrates
host vulnerability assessments provided by McAfee Vulnerability Manager
and incorporates flow-based network behavior analysis provided by
McAfee Network Threat Behavior Analysis to provide rich context on
host-based risk factors and network threat activity," Carter said.
McAfee said the new framework aligns the Network Security
Platform as a "next-generation network IPS" as recently defined by
market research firm Gartner. Analysts defined the next-generation
platform as one that provides administrators with application, context
and content awareness to offer a complete view of what is happening in
the network and application, or the "full stack." Threats use advanced
techniques to avoid detection and rely on botnets to launch multi-stage
attacks, and organizations have to defend accordingly, Gartner said.
"Simply stopping attacks that are looking for unpatched servers
is no longer sufficient in this environment," Gartner analysts wrote in
the report, "Defining Next-Generation Network Intrusion Prevention,"
released Oct. 7.